Users who want to log out of an application or website typically require, at the least, a username and password. Also users may have more than one account per application. For an authenticated user to access their applications, websites and data, they usually adopt substantially similar means for most if not all their accounts. Also, if users desire to share sessions with other devices and/or users they need to do this by sharing, at the very least, the relevant usernames and passwords. This results in systems' insecurities and a means for identity fraud. Today, evermore, websites and applications are insisting on the use of stronger usernames and passwords as well as layers of information and interaction before allowing access to, one or another part of, their application and data by the a user. This becomes a hindrance to having one or more sessions opened on multiple devices or having sessions shared amongst multiple users under standard network connections. Also, websites and applications change their logging methods and processes from time-to-time to assure that only credible human users are allowed access. This makes access and retrieval secure but frustrating, not only for the initiating-user, the so called master, but even more so for those devices and third party users that are allowed to share a session securely with the master-user and his or her initiating-device.
Once any device and/or user is properly authenticated, the system need protect against undesired intrusion and manipulation whilst assuring that legitimate users can seamlessly access applications and data. Various methods and processes have been proposed to address these problems.
U.S. Pat. No. 8,484,287, entitled “Systems and methods for cookie proxy jar management across cores in a multi-core system”, discloses systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session.
U.S. Pat. No. 8,667,575, entitled “Systems and methods for AAA-traffic management information sharing across cores in a multi-core system”, discloses methods for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.
U.S. Pat. No. 8,656,154, entitled “Cloud based service logout using cryptographic challenge response”, discloses a cloud based service use may be logged into the service through multiple client devices simultaneously. Methods, systems and computer program products based upon cryptographic challenge response are provided to efficiently and securely simultaneously effect a logout from the cloud based service at one or many logged-in client devices associated with the user. When a valid logout request is received by the cloud based service, a current key associated with the user is invalidated, and in some instances, replaced with a new key. Upon subsequent attempts to use the cloud based service by the user, one or more tokens residing on any previously logged-in client device associated the user will not allow cloud based service usage until the user validly logs into the cloud-based service and receives one or more new tokens based upon the new key at each client device.
U.S. Pat. No. 8,578,461, entitled “Authenticating an auxiliary device from a portable electronic device”, discloses a method for authenticating a browser executing on an auxiliary device with a web service executing on a portable electronic device. The method includes receiving a request for a resource from the browser, determining whether the request identifies a protected resource, and selectively authenticating the request based on whether the request identifies a protected resource.
U.S. Pat. No. 8,667,146, entitled “Systems and methods for configuration driven rewrite of SSL VPN clientless sessions”, discloses solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
U.S. Pat. No. 8,661,495, entitled “Methods and apparatus for browsing using alternative linkbases”, discloses systems and methods for navigating hypermedia using multiple coordinated input/output device sets. Disclosed systems and methods allow a user and/or an author to control what resources are presented on which device sets (whether they are integrated or not), and provide for coordinating browsing activities to enable such a user interface to be employed across multiple independent systems. Disclosed systems and methods also support new and enriched aspects and applications of hypermedia browsing and related business activities.
However, there is a need for methods and processes for transparently managing, suspending, restoring, sharing, limiting and migrating user sessions on a device without having access to user credentials.